Stored Cross-Site Scripting Vulnerability in VMware Aria Operations for Logs
CVE-2025-22219
What is CVE-2025-22219?
VMware Aria Operations for Logs is susceptible to a stored cross-site scripting flaw that allows an attacker with non-administrative privileges to inject malicious scripts. This vulnerability can lead to unauthorized operations being executed as an admin user, compromising system security and the integrity of sensitive data. It highlights the necessity of rigorous input validation and user privilege management to prevent exploitation.
Affected Version(s)
VMware Aria Operations for Logs any 8.x < 8.18.3
News Articles
VMware Aria Operations Vulnerabilities Allow Attackers to Perform Admin-Level Actions
VMware has released a critical security advisory, VMSA-2025-0003, addressing multiple vulnerabilities in VMware Aria Operations.
VMware plugs credential-leaking bugs in Cloud Foundation
Broadcom has fixed five flaws, collectively deemed "high severity," in VMware's IT operations and log management tools within Cloud Foundation, including two information disclosure bugs that could lead to...
References
CVSS V3.1
Timeline
- 👾
Exploit known to exist
- 📰
First article discovered by The Register
Vulnerability published
Vulnerability Reserved